Posted
by
CmdrTaco
on Thursday September 16, 1999 @08:10AM
from the wouldn't-it-be-nice dept.

GoBears writes "A "high-placed" AC within the federal government leaked the news. The Merc says: Exporters of the strongest encryption products, which generally have keys of 128 bits or more, will no longer need to license each shipment. Instead, they will in most instances only need to have a one-time technical review of the product. " At least its a step in the right direction. Of course,
the real end is no restrictions on any kind of software, but we can dream, right?

To be fair to the gov a law or policy can not have an exact meening untill a judge rules on it. And for a judge to rule on it it must go to court. It may not be perfect but that is how it is. (Ofcourse the bit about having your door kicked in kind of sucks)

To reduce government control over--and involvement with--the export of software would be a step towards Libertarianism, not Liberalism. As someone who tries to occupy both camps at the same time, I'd argue that there's a powerful distinction.

A Liberal move would be more along the lines of "A PGP install on every desktop in America!";) Freedom and Fairness are not always congruent.

Well, this [bbc.co.uk] article on the bbc news website seems to think that relaxation of the law is through - along with £80m for (presumably) the NSA to improve it's code cracking power. looks like times are a-changing!

Aside from the political motivation of U.S. laws, classifying software as munitions seems like one of those fortunes that read "In (your-favorite-us-state-here) it is not allowed to ride a white male horse after 5 p.m..

I fear you are right about the gov't making sure they can get in if need be... but, alas, the last several years have shown that we don't have much effect on what the gov't does in this area, so at this point, we may as well sit back and wait for reports to start trickling in about what the 'technical reviews' actual do require of a product.

Like has been noted, this is a concession to the high tech industry, because they have money and have been up their playing the Washington game. It is evidence that the current regime is willing to heed to corruption from sources other than its own departments of love, but not much more than that.

Government by balanced corruption. How about it?

Does this mean that efforts like GPG will be able to accept American developers? Does it mean that we will no longer need to have two versions of every browser? And does this mean that Linus can start including crypographic features in the kernel?

As long as the American regime is still pushing crytography as something that will let evil terrophiles reign free, I wouldn't hold my breath.

-/. is like a steer's horns, a point here, a point there and a lot of bull in between.

I may be missing something obvious here, but why for crying out loud can't people use PGP (or even the new GPG)? They are available free worldwide without any export restrictions (see PGPi.com and gnupg.org) and are many times stronger than standard 128-bit stuff.

No, they're not. The 1024 or 2047 bit RSA key is only used once, to set up a 128 bit key to do the actual message encryption (ref ftp://ftp.pgpi.org/pub/pgp/6.0/docs/IntroToCrypto. pdf, bottom of page 33). You don't bother trying to crack the RSA key, you go after the IDEA key. The disadvantage is that you have a different IDEA key for each message.

This is an administration which has fought to give the FBI the ability for "roving" wiretaps.

This is the administration of "I did not have sexual relations with that woman." This is the administration of "I will have the most ethical administration in history...".

This is the administration which has kept Louis Freeh in charge of the FBI. In case you don't remember Louis Freeh has opposed encryption on the grounds of "We need a fouth amdendment that works into the 21st century."

Have no doubt that they'll do nothing of any importance to strengthen crypto. If they do weaken the restrictions it will be meaningless.

This isn't a move towards liberalisation; it's simply an (admittedly rare) concession to reality. The G4 is officially classed as 'munitions', and if the US has any pretentions at all towards an electronic economy, it's got to do this. I don't imagine it was done with any zeal on the part of the government.

So what if symmetric-key encryption can use 128 bits? That only helps if you have some way to exchange keys, and you can only export 512 bits of RSA. By *definition* if you can export something, the NSA can break it. The only uncertainty there is whether the NSA can break larger numbers of bits. -russ

This only seems to be an improvement at first gloss. It'll make it easier for companies to distribute products with strong encryption once they've passed a technical review. However consider the technical review itself for a minute. Will the government be using experts to ensure that the underlying cryptological techniques are sound and that the implementation is sound? A more likely scenario is that the technical review will center more around required backdoors or weaknesses so that the government can get in if they deem it necessary. The end result isn't easy export of strong encryption, the end result is easy export of "strong" encryption.

How does this apply to open source products? What If a company decides to export open source software as part of their product? Will this one check apply to all instances of export for a given product?

Please, explain more, as I have never dealt with export controls before, but it's EXTREMELY interesting..

I may be missing something obvious here, but why for crying out loud can't people use PGP (or even the new GPG)? They are available free worldwide without any export restrictions (see PGPi.com [pgpi.com] and gnupg.org [gnupg.org]) and are many times stronger than standard 128-bit stuff. Yes, I know a commercial license is required for PGP, but the mere fact that there is no export hassle should make it a no-brainer.

Its kinda interesting. We can never be sure, but was it the competition of the general public that drove the government to stop their laws? It seems they are being a bit more sensible about this. We (the US) have taken every single way of getting around export laws, that they have been made useless. In other words, the government looks like they wanna save face by saying, "it's ok" on something they haven't too much control over. Especially with GPG and the like...

Hopefully the major US Linux distributions (Debian, Redhat) will soon ship with GPG preinstalled. When that happens you'll see other modifications put in, like say, automatic downloads of public keys from keyservers and automatic encryption in sendmail. After which GPG/PGP should really take off.

Damn right. I'd use encryption on all my e-mail, IF the process of encrypting and decrypting the e-mail was transparent. GPG/PGP/Whatever. I feel that if this process was totally simple, everyone would use it. Heck, even Microsoft would be forced to add it to Outlook Express, although with the encryption broken badly.:-)

I quote from the article Legislation will be proposed to Congress that will set up a system for law enforcement officials to go to court to get from third parties the keys that would open encrypted messages.

Which third parties, will you in the US now have to give a copy of our private key to some thrid party, so that they can decrypt messages whenever they want to?

It seems to me that if this is so, then it would be a step in the WRONG direction.

However, I could be wrong, I would like to wait and see the results.

For now I will just be glad that I live in Canada, and have no export restrictions in the first place.>~~~~~~~~~~~~~~~~

The "technical review" weasel words ensure that only encryption that is approved by the feds (i.e. weak encryption, or encryption with back doors) will make it out of the country. No progress has been made; they're just trying to trick US companies into putting backdoors in their encryption products.

Perhaps I am cynical, but I can't help thinking this may have been done in an attempt to divert attention from all the further restrictions they're placing on us. Satellite phones are banned, NSA backdoors, etc. Just like the "tax cut": Take 47% of our money, then we should be happy when they give back 1%.

If we HAVE to have any government intervention at all, the least they could do is be consistent. Nevertheless, it IS a tiny step in the right direction.

Depends on your definition of "liberal". The term Classic Liberal is often synonymous with Libertarian. Then you have the liberals of the 1960's, who were alligned with equal rights and peace (something I hope we can all agree on). Sadly, the term has become tarnished due to the many psuedo-socialists who have adopted the term. However, I do hope Pulp leans to the classical side, rather than the modern version.

JL Culp Chairman, Libertarian Party of Sumner County http://sumnerlp.org

No. I would imagine that the technical review would be there in order that the US Government keeps its regulatory powers there, on a sort of "use it or lose it" basis. That way, if they decide to change the regime back again, they wouldn't need to establish new powers.

Also, the technical review lets them see exactly what the non-government sector has, and to keep track of how far ahead of the envelope the NSA is. The US encryption law is a lousy thing, but I would not waste energy on constructing a conspiracy theory around the technical review. This reminds me too much of the "back door" into DES which turned out not to be there. (Everyone thought that the NSA was being cagey about the reasons for the form of the DES s-boxes in order to protect a bank door; in fact they were not giving details because DES was optimised against a kind of cryptanalysis which wasn't in the public domain).

On a related point, I think there's an inconsistency in this post. If the NSA can spot "back doors" in commonly available packages, and if that were the reason they wanted to check new packages, then it would not be true that strong encryption was out of the bag.

The timing of the announcement is fortuitous for Vice President Al Gore, who is scheduled to be in Los Altos on Friday to raise funds for his presidential bid. A year ago, Gore promised to redraft the administration's encryption policy and is widely credited with spearheading the effort.

Hmmmm. Call me paranoid and cynical, but here is what I see:

1. Al Gore, after "inventing" the Internet, declares he was the one to free crypto from its shackles. Much rejoicing ensues. He is able to use this pending legislation to rake in the Corporate money into his "war chest" and makes his election as "Top Dog of the USA" that much easier.

2. Meanwhile, a draft bill is presented to Congress to authorize Crypto export. Conveniently, some representative proposes this (controversial) bill to be examined later on -- say, right after the 2000 presidential election.

3. A short while after the election, some idiot declares that this law cannot be accepted and has to be repelled. Which is what happens after much discussion behind closed doors with the US intelligence community (read: CIA/FBI/NSA).

4. Al Gore, from behind the Great Seal of the President of the United States, puts the blame squarely on Congress. Why should he care anyway? The guy has got the job he wanted.

Remember: this is the same administration that prosecuted Phil Zimmermann for PGP, let Congress pass the CDA and offered the NSA Clipper chip as the ultimate in personal security and encryption.

I've already seen several people here remark that this probably means the NSA can break whatever's out there now, or is now relying upon inserting "back doors" at the time of the proposed technical review of a product.

There's also the possibility that the Administration is trying to help Gore.

I'm of the opinion, however, that they might just be bowing to the inevitable. This action might have been sparked, in no small part, by the recent furor over the extra key in Windows CSP system. Since this extra key now enables ANYONE to install their own encryption in Windows (i.e. export control for Windows is now dead as a doornail -- a huge, huge deal), they might just be reacting (finally) to the writing on the wall.

Well, of course I know the definition of liberal. That but times have changed sadly:( Btw just on a personal note, I was reading through the libertarian faq after checkout out your site. I registered independent, but tend to lean towards libertarianism. But I just wanted to know, how in the world do you expect the country to survive without any tax whatsoever. I've always thought income tax to be bad, but without some replacement, we would have absolutly no support for an infrustructure. Aka Military, interstate roads, etc. We all know how badly the original Articles of Confederacy lead us in being a national power.

The whole point of the regulations is to inhibit installation of strong crypto into mass-market software. They know they can't stop the distribution of standalone programs, but they also know that relatively few people will use them. /.

> My understanding of the NSA's position re. DES was that they were > opposed to software implementations because they did not believe > that any software encryption solution was secure.

True. And correct - even today, if you can fab DES chips and place them into DES gadgets, ideally in tamper-resistant packaging, you can be more confident of the security of your implementation than a guy with a DES-in-bits-of-magnetic-flux computer. It's a lot harder to replace a chip than it is to install a trojan on a target machine:)

> Every intervention of the NSA of which I am aware has had the effect of > making a product more secure, not less.

Amen. The strengthening of DES against differential attacks is probably just the best--known example. Just because NSA's hat isn't lily-white doesn't mean it's black. At the time of the strengthening, a strong DES was a Very Good Thing for national security.

Truth be known - and I'm still not saying that I'd trust NSA as far as I could throw it - I'd trust them before I'd trust the FBI. NSA's actions are consistent with the use of SIGINT for national security. Compare the number of times NSA has played the "drug dealers, pedophiles, and terrorists" card with the number of times we've heard it coming from Ms. Reno and Mr. Freeh.

IMHO part of this is likely cultural - NSA knows it's got better things to do with its time than invade your privacy. Any harm done to your privacy from NSA is simply collateral damage as it carries out its mission. Law enforcement, presumably since it comes from a culture in which "chasing down bad guys" is more important than "leaving the good guys alone", has yet to figure this out.

Obviously Debian cannot ship GPG as part of the base system or even on CDs. But would it be legal for the initial selection list in dselect to include gpg? I don't think gpg should be upgraded to priority Standard, but perhaps it could be included in the Mail metapackage; would this count as an encryption "hook"? There was a proposal recently to allow packages to declare which metapackage(s) they belong to; would this be a generic enough "hook" mechanism that gpg could be included in it?

Actually, RSA is probably the one I'm most wary of (as compared to symmetric ciphers like IDEA and CAST). Given the pace of public innovation in factoring large numbers into primes, and the NSA's head start, I wouldn't be terribly suprised if they could beat most RSA systems in use today.

This is the United States Government we are talking about. I will tell you what, if they are releasing restriction on the export of 128-bit encryption then it is time to get something stronger. This means that they have probably found a reliable why of hacking through the technology. I mean really, when was the last time the United States Government gave something away for nothing.

Be very cautious my friends! Remember encryption technology is always considered unbreakable right up until the moment it is broken.

My guess is yes. Everyone assumes that the NSA won't give away the export restrictions on codes they can't break, but I'd say that they see a bigger threat. With the congress getting more good information from sources outside the goverment on encryption they are probably starting to question the export restrictions the same way that all of us do. Now when that starts happening certain agencies will look bad, very bad. When you look bad to congress you tend to come under all sorts of nasty reviews and hearings (closed door in this case, if it were to happen) and in general budgets get cut and/or restrictions get placed that are forms of buercratic torture.

Maybe I'm just a little to jaded from my proximity to the beltway, but so are all the people making these decisions.

When I was at Apple, I heard a bit about the "technical review" that the NSA did on AOCE. The NSA apparently insisted that a function be inserted into the key generation. My understanding is that the function reduced the keyspace from 2^64 to about 2^40, though the keys remained 64 bits in length. The function also avoided classes of keys known to be weak. I have to believe that there are more than 2^40 strong keys in that space.

So, while in some sense strengthening the product - by avoiding weak keys - they also, in my opinion, enabled their ability to decrypt communication.

Now, I never knew what the function was - I really don't want to know - but I doubt that it would take more than a few weeks for an attacker with MacNosy to find the function in AOCE.

Do you think that other "technical reviews" are significantly different? Lets hear from someone directly involved in one.

I can't yet see this as a Good Thing. The only real voice American citizens had against encryption export controls was actually the voice of big business. Companies with the power, money, and lobbyists to complain loud enough for the government to hear. Now the government has allowed businesses to export encryption and now they are going to be quiet. I hope this doesnt mean that the remaining encryption issues are just going to be ignored by the government.

The kind of technical review they're referring to already happens during a license request under the current rules. If it didn't we could all be exporting strong crypto and lying to the government about its strength.

There's no reason to believe they'd be any more likely to coerce companies into including backdoors than they are now. The real news is that they're proposing to allow companies to go through the process less frequently. This means the companies waste less money and aren't as late in getting their products to market.

While certain parts of the government may be giving it away others may be kicking and screaming. If you go back to the DES release, the NSA was DEAD SET against releasing it in a fasion that could be put in software. It appears that it was released in algorithm form by accident or before they could complain.

It's more likly that the elected officials are listening less to the IC/LE communities and more towards the big contributors (high tech firms and entrpenuers (sp?)) that are playing more of a role in the expensive compaigns for congress and president. You throw enough money around in this town and you'd be surprised how many "converts" appear at your door step.

You're not going to get an answer out of any government official on that. The only way to find out is to try it. If they bust down your door and confiscate your equipment and throw you in jail, I guess it did count as a hook!

This is the "chilling effect" I was talking about... in action, right here on Slashdot!

As long as the American regime is still pushing cryptography as something that will let evil terrophiles reign free, I wouldn't hold my breath.

I have to say, that word, terrorphile, is great. I mean, it makes sense when you think of it (one?) as the conglomerated argument against crypto, but it also makes sense when you think of a terrorphile as like this evil maniacal genius with a long mustache who receives a jolt of pleasure each time he does something to invoke terror.

It's the best word since CommuNazi. I suggest we adopt terrorphile as a word to be used to mock those who argue against strong cryptography.

Maybe, but there's no reason why that same governement in North Korea can't buy or construct similar software without having to steal it from the US - given enough time and resources, of course.

That's the whole problem with US encryption export restrictions; anything that can be thought of or manufactured in the US of A, can also be thought of or manufactured anywhere else in the world (well, technically speaking anyway). While the US governement was vigilantly trying to protect its technology, the rest of the world was simply playing catch-up. Now that non-US companies are freely selling and exporting encryption products of similar or identical strength as their American counterparts to anywhere in the world, US companies are finding themselves crippled by the very laws that were meant to protect them.

Possibly, but there might be a loophole. Right now crypto software is illegal to distribute as source code. But there's nothing to stop a US citizen from downloading it from a US site or another brand of citizen from downloading it from another countries site. That still remains which makes intercontinental development efforts difficult.

For end users though some company could go through the effort of passing the encryption technology through the government review process. Say, Red Hat for instance, and make those binaries available to anybody.

I don't think this loophole will work personally because I think the review results will be: "Uhh, this encryption doesn't suck, make it suck or we'll tie you up in the review process for eternity". Of course, maybe we'd be pleasantly suprised.

This decision only applies to binaries. (i.e. no source can be exported). So, Microsoft and IBM get their way. They can get the US to sign off on a product and ship them across international lines. Microsoft, IBM, Sun, and all other closed source firms become content with the state. They are no longer on our side.

Worse, they actually have an advantage at this point. They may fight to keep source from being exportable. That way, their closed source binaries have a better chance of going out. This already happened once when the US gave an exception to banks. Now banks don't care about crypto and no longer lobby Congress.

I mean, look at Red Hat now. They are up shits creek because they are going to be told they cannot ship Linux outside of the US. Worse, the US may make them shut down their international offices in Europe and Japan that they just set up because they export crypto source to those sites.

I think this is going to hurt the open source movement which is tied in many ways to the US. And if people really look at what is going on (and the US begins to enforce the law), all Linux operations will need to move off shore or risk not being able to compete internationally.

Declan McCullagh posted a very interesting tidbit from today's news conference. Janet Reno was asked if the government can break 64-bit crypto (which is what's getting most thoroughly decontrolled, and which afaik has never been broken publicly) and she said "We have carefully looked at this and think it's possible." Previously I don't think the government had even ever openly admitted to being able to break 40-bit crypto.

Either they can break it, or they have a way around like (like snooping the keys a way or another, or getting the keystroke directly, etc.) We often tend to forget encryption is just one step of the security process, it's perfectly possible to have a completely good encryption system and yet not achieve security because of a weak link in the process.

However I think easing the restriction will be nice for doing business online. I confess I'm less worried about the NSA or some other governemantal agency (from the US or another country) spying on communications than of some random criminal spying on comunications and using the data for some theft or malicious purpose. I think better encryption will serve us against the later.

This is a very good point. Such a move could be very effective in surpressing open encryption development in the US. Most companies use proprietary schemes (despite beign told not to) due to the only type of security that management is familiar with, obscurtiy/secrecy(I don't know how many meetings I've been in where management suggests strength by changing one bit in an algorithm). It may also effectivly allow security from companies like Microsoft (if you want to call any of it secure) to overtake any open source solution, because of the technical review process.

Perhaps this is a side issue, but are you sure about wanting _no_ export controlls on software? If so, I hear there's a government in North Korea itching to buy some atomic bomb simulation software for their weapons research programme.

We may justifiably complain when our governments are over-zealous, but they don't make these rules purely to screw over Joe Citizen.

My understanding of the NSA's position re. DES was that they were opposed to software implementations because they did not believe that any software encryption solution was secure. Indeed, this is still the official line -- check out the Data Encryption Standard and you'll find that it specifies only hardware implementations are compliant.

I don't think the standard could have been published at all without giving away the algorithm; I don't see how releasing DES in "non-algorithm form" could have been done. This "NSA wanted to sit on DES" thing is acquiring the status of an urban myth.

I'm quite prepared to believe that the NSA are black hats, and that they have all sorts of back doors into things. But their public behaviour has not given much support to this view. Every intervention of the NSA of which I am aware has had the effect of making a product more secure, not less.

Which seems right to me. Although encryption can be used by terrorists etc, it would be a poor intelligence organisation indeed which depended on broken signals for its information. The major use of encryption is commercial. And the damage which might be caused by not being able to intercept an email is absolutely nothing compared to the damage to the USA which might be caused by allowing the Bank of America and Citicorp to use an insecure encryption system for their transactions.

I wouldn't rule conspiracy theories out entirely, but I am currently not convinced.